Title :
The Contemporary Software Security Landscape
Author_Institution :
Bombardier Aerosp., Dorval
Abstract :
Microsoft's release of Windows Vista marks the arrival of a new era for software security. Fundamental changes have gradually occurred, bringing us to a point now where the threat landscape no longer resembles what it was just a few years ago. Vista's release is ideal to consider as a culmination point; it's from here that software attack strategies will move into new directions. In this article, the author examines some of these new directions, as well as some of the changes related to Vista that most encapsulate the current threat landscape for software security. Eight characteristics most strongly define the new software security threat landscape. Let's take a look at them: actualization of Web vulnerability threats; advances in code analysis; more advanced techniques; client-side vulnerabilities; remote exploitation; targeted attacks; sale of vulnerability information; and anti-exploitation technology.
Keywords :
Internet; operating system kernels; security of data; Web vulnerability threat; Windows Vista; antiexploitation technology; client-side vulnerabilities; code analysis; remote exploitation; software attack strategy; software security; targeted attacks; threat landscape; vulnerability information sale; Buffer overflow; Computer security; Graph theory; Information security; Network address translation; Privacy; Runtime; Visualization; World Wide Web; Writing; Vista; attack; kernel; security; software; vulnerabilities;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2007.73